Documentation
Next to the mandatory policies, procedures and records, there are 4 Mandatory Documents that need to be available and ready for the external audit certification: Management Review, Internal Audit Report, Scope of ISMS and Statement of Applicability
Preparing Management Review is automated in Compleye Online, read on Management Review section step by step how and what to do.
[2] Internal Audit
Internal Audit is done by a third party and the final report is uploaded to the Internal Audit section of the Compleye Online together with the findings and approvals. Internal Audit procedure needs to be followed and documented as part of the mandatory Policies and Procedures, we have a template for Internal Audit Procedures provided to you under the section Templates.
[3] Scope of ISMS
The main purpose of setting the ISMS (information security management system) scope is to define which information you intend to protect. Carefully define the scope as auditor will check if all the elements of the ISMS work well within your scope; he won’t check the components that are not included in your scope.
[4] Statement of Applicability
It is very relevant document because it describes how you will implement your information security. Statement of Applicability shows which of the suggested 114 controls (security measures) from ISO27001 Annex A are applicable to your ISMS and how you have implemented them. You can use SoA template to create the overview and map the controls with evidence for applicable and implemented controls.
You can add the document to this section by navigating to Add new and filling in the form.
At any point you can add new version of the document and have overview of previous versions as well as approvals and reviews.
